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Description 

[0001 ] The invention relates in general to locating a device, which is connected to a packet data network via an access 
network. The invention relates particularly to transmitting location information from the access network to a location 
5 server in the packet data network. 

[0002] In cellular networks, for example in Global System for Mobile communications (GSM), the cellular network 
keeps track of the location of a mobile station (MS) at least on cell level. It is also possible that the geographical location 
of a MS is determined. Information about the geographical location of a MS can be useful, for example, for certain 
services or in emergency situations. 

w [0003] There are various services available in the Internet. Many of these services would gain from receiving infor- 
mation, which indicates the location of the device asking for service. For example, an international business may have 
a service, which automatically gives information about the stores or service points near the user's current location. 
Currently it is not possible to locate an IP device connected to the Internet, other than using its IP address. An IP address, 
on the other hand, is not a reliable way to locate a device, as using Mobile IP it is possible to temporarily or more 

15 permanently change the location of a device without changing IP address. 

[0004] In GSM, there are certain circuit-switched data services using which it is possible to have a data connection 
between, for example, a laptop having a card phone and a server in the Internet. General Packet Radio Service (GPRS), 
which is an addition to the GSM, is an example of a wireless packet switched network. GRPS and GSM, among other 
cellular networks, can be used as access networks to packet data networks. A packet data device can be connected to 

20 a mobile station, and via the mobile station and a cellular network, the packet data device can communicate with a 
packet data network. It is possible to locate the packet data device, for example, by locating the mobile station to which 
it is connected. It would be convenient to transmit location information about the packet data device to a server in the 
packet data network from an access network, for example from a cellular network. There are, however, problems relating 
to the confidentiality of location information and to the need of authenticating the parties who request location information. 

25 [0005] Figure 1 presents a schematic diagram of a GSM network and a GPRS network as an example of an access 
network through which a packet data device can be connected to a packet data network 1 30. A mobile station (MS) 1 01 
communicates with a base station (BTS) 1 12a. There may be, for example, a lap top computer or other packet data 
device 102, connected to the mobile station 1 01. It is also possible that the mobile station is capable of transmitting and 
processing packet data. In the GSM radio access network (RAN) 110, base stations are connected to base station 

30 controllers (BSC). In Figure 1 base stations 1 12a and 1 12b are connected to a base station controller (BSC) 113. The 
base station controller is responsible, for example, for allocation of radio resources and for handling handovers, where 
a mobile station changes the base station it communicates with. The base stations and base station controllers form the 
GSM RAN 110. 

[0006] There are separate core networks for the GSM and the GPRS. A GSM core network 140 comprises in the fixed 
35 part of the network Mobile Service Switching centers (MSC), and one MSG 141 , to which the BSC 1 13 is connected, is 
presented as an example in Figure 1 . The GSM core network 1 40 is usually connected to a Public Switched Telephone 
Network (PSTN). The GPRS core network 120 comprises GPRS supporting nodes (GSN). Of these nodes, the one 
which interfaces a packet data network 1 30, for example the I ntemet, is called Gateway GPRS supporting node (GGSN). 
In Figure 1 , a GGSN 1 22 is presented. Data packets may run through many GSNs, which act as routers. A mobile station 
^0 or a packet data device connected to the mobile station, which is the endpoint of the data connection, is reachable 
through one base station controller and the GSN connected to this base station controller is called Serving GPRS support 
node (SGSN). In Figure 1, the mobile station 101 or device 102 is reachable via the BSC 113 and the GSN connected 
to this BSC is SGSN 121. 

[0007] There are also network elements, which are common for the GSM and GPRS networks. In Figure 1 the common 
45 part of the GSM and GPRS networks is presented as a separate network cloud 150. The common part of the GSM and 
GPRS comprises, for example, Home Location Register (HLR) 151 and Visitor Location Register (VLR) 1 52, which take 
part in subscriber and mobility management. Furthermore, there is an entity called Mobile Location Center (MLC) 153, 
which is responsible for determining the location of a mobile station. 

[0008] An entity, which is external to the GSM network, may query the location of a certain mobile station by sending 
50 a location requestto a Gateway Mobile Location Center (GMLC). Figure 2 presents an example of the message sequence 
related to the locating of the mobile station. In Figure 2, the network elements relating to the procedure are marked with 
vertical lines, and the name of the entity is above each line. The messages are marked with arrows. The messages and 
names of the messages are given as examples; the location procedure may alternatively be carried out in a different 
manner than presented in Figure 2. An entity requesting the location of a certain mobile station is usually called a Location 
55 Service (LCS) Client. This entity sends a LCS request 201 to the GMLC. The LCS request comprises an identifier, for 
example I MSI (International Mobile Subscriber Identifier) or MSISDN, specifying the mobile station, whose iocation is 
queried. The GMLC authenticates the LCS Client to make sure that it is entitled to receive location information. After 
successful authentication the GMLC asks with the Routing Data message 202 the HLR, which is related to the mobile 
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station, the current or latest MSC, through which the mobile has been reachable; this MSC is called the Visiting MSC 
(VMSC). After receiving information about the VMSC from the HLR, the GMLC send a Subscriber Request 203 to this 
VMSC. The VMSC typically pages 204 the MS in question to receive information about the cell, in which the mobile 
station currently is. Thereafter the mobile station is notified of the location query with a LCS notification 205. The mobile 

5 station may either allow or refuse its location to be told. If the mobile station allows its location to be told, the VMSC asks 
a Serving Mobile Location Center (SMLC), which handles the location of mobile stations in the network the mobile station 
currently is in, to locate the mobile station with message 206. Thereafter the geographical location of the mobile station 
is determined. There are various possible ways to determine the location of a mobile station: the cellular network may 
calculate the location of a mobile station using only the information it has, the mobile station may provide some information 

10 for the location process, or the mobile station may perform the location itself, and inform the network about its current 
location. When the SMLC determines the location of a mobile station, various network elements, such as BSC, BS and 
MS itself, may be involved in the location process. The messages relating to determining the location are presented in 
Figure 2 with arrow 207. After the location has been determined, the SMLC returns the location information to the VMSC 
(message 208). The VMSC forwards the location information to the GMLC (message 209), which in turn sends a LCS 

15 response 21 0 to the LCS Client, which initiated the location query. 

[0009] It is possible to give information about the location of a certain mobile station to a party, which is not a part of 
the cellular network. The LCS Client in Figure 2 is an example of such a party. The party requesting location information 
is usually authenticated, because location information generally needs to be treated in a confidential manner. Generally, 
there has to be a pre negotiated contract between the cellular network operator and the party requesting location infor- 

20 mation. When the contract is made, usually some secret authentication information (for example a shared key) is ex- 
changed, and for each request, the party has to present it possesses this secret authentication information, for example 
by encrypting a part of the location request message with the secret key. The GMLC has its copy of the secret keys 
relating to the LCS Clients, for example. When an LCS Client, for example, tells it identity, the GMLC can then check 
using its copy of the a secret key that the LCS Client encrypted the text with the correct key. It is also possible to carry 

25 out a separate authentication procedure. 

[001 0] It is also possible to locate a packet data device 1 01 , which is connected to a packet data network via an access 
network having location tracking capabilities. There may be, for example, a Location Server LS 131 , which is connected 
to a packet data network 130, for example to the Internet. In the Internet, the identifier, which typically distinguishes 
devices from each other, is the IP address. The Location Server thus may know, for example, an IP address of a certain 

30 IP device. To be able to ask from a cellular network the location of the IP device, the Location Server must know to 
which mobile station the IP device is connected. The IP device may thus inform the Location Server, using for example 
a certain application and protocol designed for this purpose, about its IP address and about the MSISDN number of the 
mobile station connected to the IP device. The IP address may be a static IP address, which stays the same even when 
the location of the mobile device/station changes, or a dynamic IP address allocated, for example, by the GPRS network. 

35 if a dynamic IP address is used, there is of course some other identifier such as MSISDN which typically together tell 
to the Location Server the identity of the IP device. 

[0011] There may be a vast number of Location Servers in the Internet. In principle, each of the Location Server 
operators should have a contract with each cellular network operator to ensure that it can locate an IP device which is 
connected to the Internet via a cellular network. The number of contracts a cellular network operator or a Location Server 

*o operator should thus make can be enormous. Furthermore, as a service in the Internet may have a short lifetime, it can 
be a tedious work to maintain a database, for example, containing IP addresses and authentication information of the 
Location Servers, which are authorized to receive location information from a cellular network. Furthermore, a packet 
data device connected to apacket network via an access network, forexampleacellular network, may wish to authenticate 
a Location Server before information about the location of the packet data device is transmitted to the Location Server. 

45 [0012] An object of the invention is to present a flexible and scalable method for processing location information relating 
to a packet data device, which is connected to a packet data network via an access network capable of determining 
location, and for providing said location information to a network element, which is connected to the packet data network, 
after authenticating the network element requesting the location information. A further object of the invention is that the 
packet data device is able to authenticate the network element requesting the location information. 

50 [0013] Objects of the invention are achieved by establishing a security association towards a first network element, 
which is connected to an access network having location determination capabilities and to which location information 
requests from a packet data network are sent, from a second network element with the help a third network element, 
which second and third network elements are connected to the packet data network. Optionally a security association 
pointing from the second network element to the packet data device is also established. 

55 [0014] ETSITS101 724 "Digital cellular telecommunications system (Phase 2+); Location Services (LCS); (Functional 
description)-Siage 2" describes a telecommunications system capable of receiving location requests for rnobiie stations 
from location service clients. 

[001 5] There is provided according to the invention a packet data device according to claim 1 , a mobile station according 
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to claim 7, a system according to claim 9 and a method according to claim 14. 

[001 6] Before location information is transmitted to the second network element, the second network is authenticated. 
This can be done by establishing a security association from the second network element to the first network element. 
In this description term security association refers to an agreed set of security services that are to be applied to the data 
transmitted from a first entity to a second entity; the unidirectional security association points towards the second entity. 
Each security association specifies at least one security service. Data origin authentication (authentication of the sending 
network element), data integrity and data encryption are examples of such security services. They may also include 
some details about security key management: if secret key cryptography is used, they may indicate a key distribution 
center, or if public key cryptography is used, they may indicate a certification center. A bi-directional security association 
indicates the security services to be applied on data sent to either direction between two network elements. The security 
services relating to a first direction may be different from those relating to the opposite direction. 
[0017] Before the security services indicated by a security association can be used, the security association needs to 
be established. Especially in a packet data network, where there are no dedicated connections, the existence of a 
security association is important for being able to securely transmit data. In this description the term establishing a 
security association refers to a procedure, where the first network element and the second network element in a secure 
manner negotiate the details of a security association pointing to one of them. One way to obtain a security association 
is a separate contract, for example, between firms and thereafter configuring network elements so that security associ- 
ations according to the contract are established. A more flexible and automatic way is to use a third network element, 
who is trusted by both the first network element and the second network element (or actually by the operators owning 
the first and second network elements), as an arbitrator. The third network element as an arbitrator can provide security 
documents to the first and second network elements, and using the information contained in these security documents, 
the first and second network element can check the origin of messages and thereafter negotiate and establish at least 
one security association pointing towards the first network element. It may be assumed that after a security association 
is set, the negotiated security services are applied on the data packets relating to that security association. 
[001 8] The use of a third network element as a key management center enables a first network element and a second 
network element to establish a security association without a previously negotiated contract. In a method according to 
the invention, a unidirectional security association pointing towards the first network element is sufficient for the first 
network element, for example, to authenticate the origin of the location request to be the second network element and 
to check that the location request has not been tampered. There may be a second unidirectional security association 
pointing towards the second network element, this security association specifying the authentication of origin. This way 
the second network element may check that a location response is sent by the first network element Furthermore, to 
keep location information private, the second security association may indicate that the data is encrypted. 
[0019] Usually the establishment of a security association is, however, not enough for transmitting location information. 
The first network element may check that the second network entity is allowed to receive location information or the 
mobile station may deny its location information to be sent to the second network element. Furthermore, the mobile 
station or a separate packet data device connected to the mobile station may want to set up a separate security association 
pointing from the second network element towards itself and thereafter check the origin of the location information 
request. After successfully authenticating the origin of the location information request, the location data may be trans- 
mitted to the second network element via the first network element, to which it is deliver by the cellular network using 
cellular network protocols. The location data may, alternatively or in addition, be transmitted from the packet data device 
directly to the second network element using packet data protocols, or - if the packet data device is an integral part of 
the mobile station - from the mobile station directly to the second network element using packet data protocols. It is 
possible that the location procedure of the cellular network is used only to inform the mobile station and the packet data 
device connected to the mobile station that the location of the packet data device is being requested. Thereafter the 
packet data device may determine its location without involving the cellular network and transmit the location information 
directly to the second network element. 

[0020] The novel features which are considered as characteristic of the invention are set forth in particular in the 
appended Claims. The dependent claims describe some preferred embodiments of the invention. The invention itself, 
however, both as to its construction and its method of operation, together with additional objects and advantages thereof, 
will be best understood from the following description of specific embodiments when read in connection with the accom- 
panying drawings. 

Figure 1 illustrates schematically an access network capable of locating a terminal and a packet data network ac- 
cording to prior art, 

Figure 2 illustrates a message sequence chart describing a location information transfer according to prior art, 
Figure 3 illustrates schematically a key management center in a packet data network and some security associations 
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between the key management center and a Location Server and a Gateway Mobile Location Center, 
Figure 4 illustrates a flowchart of a method according to a first preferred embodiment of the invention, 



5 Figure 5 illustrates a message sequence chart relating to the security documents and security association establish- 
ment according to a second preferred embodiment of the invention, 



Figure 6 illustrates a message sequence chart relating to the security documents and security association establish- 
ment according to a third preferred embodiment of the invention, 

10 

Figure 7 illustrates a flowchart of a method according to a fourth preferred embodiment of the invention, 



Figure 8 illustrates a message sequence chart relating to the security documents and security association establish- 
ment according to the invention, and 

15 

Figure 9 illustrates a network element, a packet data device and a mobile station according to the invention. 



[0021] Figures 1 - 2 are discussed in detail in the description relating to prior art. 

[0022] In the following, the GSM and GPRS networks are used as an example of an access network, which is capable 
20 of locating a terminal communicating with the access network and though which it is possible to have a connection to a 
packet data network. Universal Mobile Telecommunication System is a further example of such an access network. 
Furthermore, an IP network is used as an example of a packet data network and an IP device is used as an example 
of a packet data device. The GMLC is used as an example of the first network element, a Location Server is used as 
an example of the second network element and a key management center is used as an example of the third network 
25 element. 

[0023] The Internet Security Association described in Security Architecture for the Internet Protocol (RFC 2401 ) is an 
example of a security association. For the Internet Security Association it is specified that it can require data origin 
authentication or data encryption. A multiple of Internet Security Associations may have to be established, if both data 
origin authentication and data encryption are to be applied. A bi-directional security association can be implemented, 

30 for example, with two Internet Security Associations pointing to opposite directions. The actual data origin and data 
integrity service and data encryption service are provided by IPSec or Ipv6 protocol, when Internet Security Associations 
are used. Data origin and data integrity services are provided with an authentication header (AH) and data encryption 
with encryption of the security payload (ESP). The use of Internet Security Associations provides security services, 
which are applied on I P data packets. The Internet Security Associations are established, for example, using the ISAKMP 

35 protocol or Oakley key exchange protocol. Therefore it is not necessary for the network elements, which are endpoints 
of an Internet Security Association, to have additional applications or software in addition to the IPSec or Ipv6 and, for 
example, ISAKMP. 

[0024] In a method according to the invention, it is also possible to use other security association than Internet Security 
Associations. A security association can be established between two higher-layer (above network layer) protocols or 

40 applications, too. It is also possible to tunnel a security association via some network elements, or to use transitive 
security associations. Transitive security association means that while there is a first security association from A to B 
and a second security association from B to C, there is a transitive security association from A to B. 
[0025] Figure 3 illustrates Key Management Center KMC 1 32 and a Location Server LS 1 31 in a packet data network 
130. It further presents in the GSM/GPRS network the Gateway Mobile Location Center GMLC 154, which is able to 

45 exchange packet data via the packet data network with the Location Server. A mobile station 1 01 is also illustrated, and 
an IP device 102 connected to the mobile station. Again, the IP device may be an integral part of the mobile station. 
[0026] For the Location Server to receive location information, the GMLC has to be able to authenticate the origin of 
the location information request or, in other words, to be able to verify the identity the external client (Location Server) 
sending the location information request. One way to do this is to have an established security association, which 

so specifies at least data origin authentication, pointingfrom the Location Servertowards the GMLC. This security association 
is presented with the dashed arrow 301 in Figure 3. 

[0027] The Key Management Center is involved in establishing the security association by producing a security doc- 
ument, which allows the GMLS to authenticate LS before or during the establishment of the security association 301 . 
The KMC should thus be able to authenticate at least LS (either off-line beforehand or on-line during the location 
55 information request procedure) and be trusted at least by the GMLC, preferably by both the GMLC and the LS. In other 
words, the GMLC should accept, for example, pubiic key certificates signed by the KMC or, if shared secrets are used, 
both the GMLC and the LS should each have a common shared key with the KMC. In the first case the KMC is usually 
called a certification agent and in the latter it is a key distribution center. The Kerberos system is one example of a key 
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distribution center. It is also possible that the KMC is actually a tree of key management centers, and GMLC deals with 
one leaf-KMC and LS deals with other leaf-KMC. Because the leaf-KMCs belong to a same tree, it is possible to create 
a security document, which allows the GMLC to authenticate the LS securely. 

[0028] Figure 4 presents a flowchart describing a method according to the first preferred embodiment of the invention. 

5 In step 401 the GMLC receives a location information request message. Using the protocol headers of the data packet 
(s), for example, it may check if at least data origin authentication is applied on the data packet(s) in step 402. If no data 
origin authentication information is provided within the data packets, it can be assumed that there is no security association 
pointing from the sender towards the GMLC. Therefore the GMLC initiates security association establishment in step 
403. It is also possible that the Location Server initiates the security association establishment before it requests location 

10 information; in that case the procedure starts in step 403. Details of the security association establishment are discussed 
below. This security association establishment involves step 404, where the KMC is asked to produce a security document 
relating to the sender, and step 406, where the GMLC receives the security document. Thereafter the security association 
establishment is carried out using at least some information provided in the security document. To receive a location 
information request secured with proper data origin authentication, the GMLC may in step 407 ask the sender to transmit 

15 the request again (or for the first time, if the procedure started from step 403). 

[0029] If at least data origin authentication information is present in the data packet(s) relating to the location information 
request, after successfully authenticating the sender in step 408, the GMLC may check that the sender is authorized to 
receive location information in step 409. Thereafter the GMLC initiates the GSM/GPRS location procedure in step 410. 
The GSM/GPRS location procedure may be, for example, such a procedure as presented in Figure 2. Furthermore, it 

20 is possible that the GMLC wishes to transmit encrypted location information. In this case a second security association 
pointing from the GMLC towards the LS is also established. 

[0030] The contents of the security document issued by the KMC depend on whether secret key or public key cryp- 
tography is used. If public key cryptography is used, the security document relating to an entity X may be a certificate 
C ( PK X' ,D x: s kmc)» wnere PK x {s tne P UD,ic ke Y °f x « ID x is an identifier indicating X (typically its IP address) and S KMC 

25 is a cryptographic signature produced by the KMC to prove the authenticity of the certificate. Because there usually is 
such a cryptographic signature in a public key certificate, it is not necessary to transmit the certificates using methods 
that provide data integrity and data origin authentication. If secret key cryptography is used, the KMC usually needs to 
know the identity of both entities X and Y involved in the security association establishment. The KMC may generate a 
key K X _ Y and place this into the security document together with an identifier ID X . Thereafter it typically encrypts the 

30 security document using a secret key K KMC _ Y which it shares with Y. The security document SD, which is delivered to 
Y and relates to X, may thus be SD(ID X , K X . Y ; K KMC . Y ). At least the key K X . Y in the security document SD is encrypted 
with the last argument K KMC . Y . The KMC typically delivers the same secret key K X . Y and identifier ID Y in a second 
security document SD(ID Y , K X . Y ; K KMC . X ). The key K KMC . X is a shared secret between X and the KMC. 
[0031] Figure 5 presents, as an example, a message sequence chart for carrying out the security association estab- 

35 lishment according to a second preferred embodiment of the invention, where secret key cryptography is used. In Figure 
5, the GMLC initiates the procedure by sending a security association establishment request 501 to the LS. The security 
association requested is a security association pointing towards the GMLC, and it is marked here with SA(GMLC). The 
request 501 may, for example, explicitly state the endpoint of the security association, or the receiver may infer the 
endpoint to be the sender of the request 501. The LS may, after receiving the request 501, indicate that is wishes to 

40 establish a second security association SA(LS) with a request 502. Typically the SA(LS) is requires the encryption of 
data. It is also possible that the GMLC asks also for the security association SA(LS), in which case the messages 501 
and 502 can be single message. The LS asks the KMC for a security document relating to the GMLC with a security 
document request 503, and the KMC delivers the security document SD(GMLC) (message 504 in Figure 5). The security 
document SD(GMLC) may be, for example, SD(ID GMLC , K L s-qmlc» k kmc-ls)« as discussed above. Similarly, the GMLC 

^5 asks the KMC for a security document relating to the LS with a security document request 505, and the KMC delivers 
the security document SD(LS) (message 506 in Figure 5). After receiving the security documents the GMLC and LS can 
establish the requested security association(s) (arrow 507 in Figure 5). Typically there is a separate protocol for estab- 
lishing a security association, and authentication of each other is typically involved in security association establishment. 
When secret key cryptography is used, the knowledge of the key K LS . GMLC is usually tested in authentication. If the 

50 security associations are Internet Security Associations, the protocol to establish them is typically ISAKMP. Furthermore, 
it is also possible that an existing protocol such as Oakley key determination protocol or one of the other possible 
protocols for establishing security associations includes the messages 501 -506 or similar messages. 
[0032] The order of the messages and the names of the messages presented in Figure 5 are examples. The messages 
can be delivered in a different order. For example, as soon as the GMLC has received the location information request 

55 sent by the LS, the LS and GMLC know the identities of each other. They can ask the KMC to deliver the security 
documents before the security establishment requests are sent. 

[0033] Figure 6 presents, as an example, a message sequence chart for carrying out the security association estab- 
lishment according to a third preferred embodiment of the invention, where public key cryptography is used. When public 
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key certificates are used, the GMLC, for example, can ask the KMC to deliver a certificate C(PK GMLC , ID GMLC ; S KMC ) 
and deliver this certificate to the LS in the security association request message. It is also possible that the LS fetches 
the certificate C(PK GMLC , ID GMLC ; S KMC ) from the KMC. In Figure 6, the GMLC asks the KMC to deliver the certificate 
c ( pk gmlc> id gm!_C' s kmc). wnicn is marked as SD(GMLC) in Figure 6 (message 503). The KMC delivers the certificate 
(message 504), and thereafter the GMLC sends a security association SA(GMLC) establishment request 601 to the LS. 
This request 601 comprises also the certificate. After the LS receives the request 601 , it can authenticate GMLC. The 
authentication can be carried out using, for example, a challenge-and-response authentication, or the LS can check the 
validity of a cryptographic signature, which GMLC has placed to the request 601 . If the authentication of only GMLC is 
sufficient for establishing the security association SA(GMCL), it can be established at this point (arrow 602). If a second 
security association SA(LS) is required, similar messages are exchanged between the LS and the KMC (messages 505 
and 506) and between the LS and GMLC (security association SA(LS) request 603). Thereafter the security association 
SA(LS) can be established (arrow 604). 

[0034] As discussed above, typically there is a separate protocol for establishing a security association. It is also 
possible that an existing protocol for establishing security associations includes the messages 601 and 602 or similar 
messages. The order of the messages and the names of the messages presented in Figure 6 are examples. The 
messages can be delivered in a different order. Public key certificates can typically be asked from a KMC (or, more 
precisely, from a Certification Agent CA) either online, during a certain procedure, or off-line, before the procedure. If 
the LS and GMLC already have a certificate of the other entity, they need not to ask them again from the KMC. 
[0035] In a fourth preferred embodiment of the invention, the IP device, whose location is requested, wishes to au- 
thenticate the LS before location information is delivered to the LS. A flowchart of a method according to a fourth preferred 
embodiment is presented in Figure 7. The flowchart is a continuation to the flowchart in Figure 4, and it begins with step 
41 0, where the location procedure of a cellular network is initiated. In step 701 , the location procedure is carried out and 
at some point of the procedure a mobile station typically receives a notification that its location is requested. In Figure 
7, this occurs in step 702. The mobile station may inform an IP device connected to the mobile station about the location 
request (step 703). The indication sent to the mobile station may comprise an identifier of the LS, and it is possible that 
the IP device and the Location Server authenticate each other, for example, using a shared secret on which they have 
beforehand agreed. Authentication using public keys is also possible. This is presented in step 704. After successful 
authentication, the IP device and the Location Server can agree on the encryption method used to protect to location 
information (step 705). The I P device may have some means of determining its location, for example a Global Positioning 
System receiver, and it may locate itself (step 706). Thereafter it may send the location information to the Location Server 
in step 707. 

[0036] Figure 7 present also alternatives, where the IP device wishes to establish a security association pointing to 
itself from the Location Server (step 708). It is possible that the GMLC is involved as a third party in this security association 
establishment (step 709); this is discussed in more detail below. It is also possible that a second security association, 
which points from the IP device to the Location Server and specifies, for example, encryption of data, is established 
(step 710). The first security association allows the IP device to authenticate the Location Server. The second security 
association is typically used, when the IP device determines its own location (step 706), and it allows the IP device to 
transmit location information confidentially to the Location Server (step 707). It is also possible that the I P device authorizes 
the mobile station to grant a permission to transmit location information to the Location Server (step 71 1 ). In this case, 
it typically is sufficient to have only one security association pointing towards the IP device. After the authorization, the 
mobile station sends to the cellular network a message to permit the transmission of location information (step 712). If 
the location of the mobile station is not yet determined, the location procedure is completed at this time. The mobile 
station may be involved here, and even determine its own location and transmit the information via the cellular network 
to the GMLC. The location information is transmitted to the Location Server typically from the GMLC in step 713. The 
sequence of steps in Figure 7 is just an example of a method according to the invention, similarly as the alternatives 
presented in Figure 7. Onefurther alternative, forexample, isthatthe mobile station determines its location, andthereafter 
the IP device transmits the information to the Location Server. 

[0037] In a method according to the invention, the Location Server and the IP device may thus additionally or optionally 
establish security associations between themselves, if they have a common key management center in the Internet. 
Once the IP device has authenticated the LS, it can notify the mobile station to communicate to the GMLC (or to another 
network entity in the cellular network) a permission to transmit the location information. One alternative forthe IP device 
to authenticate the LS is to be involved in establishing a security association pointing from the IP device itself towards 
the LS. Properly selected security associations allow the LS and IP device to authenticate each other. 
[0038] As discussed above, it is possible that the I P device or the LS wishes to establish security associations between 
the IP device and the LS, and in the Internet there may not be a common key management center which both the IP 
device and LS trust for their data origin authentication and payload encryption. The GMLC trusts the mobile station, as 
the mobile station is authenticated by the cellular network. The mobile station trusts the cellular network and the GMLC 
by default or through building security associations between the GMLC and the mobile station. The HRL of the mobile 
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station may act as a key management center for the MS and GMLC, if needed. The mobile station, furthermore, can 
perform mutual authentication with the IP device. This is a feasible way to establish security associations between the 
Location Server and the IP device, after the GMLC has authenticated the Location Server, using the GMLC as a key 
management center. The authentication of the Location Server can, for example, be a part of establishing a security 

5 association between the Location Server and the GMLC presented in Figures 5 and 6. Figure 8 presents a message 
sequence chart relating to establishment of the bi-directional security associations between the IP device and the LS 
(cf. steps 708-710 in Figure 7). The IP device asks from the GMLC an establishment of a security association towards 
the LS (message 801). Alternatively, this message can be sent by the Location Server. If the GMLC has not already 
authenticated the Location Server, the GMLC typically needs to establish security associations with the Location Server 

10 first. It may perform the procedure presented in Figure 5 or 6 at this point. If there already are, for example, bi-directional 
security associations between the Location Server and the GMLC enabling at least data origin authentication, then the 
GMLC may proceed to sending to the IP device a security document relating to the Location Server (message 802). 
The security document typically is a security document SD(ID LS , K LS . IPdevjce ; K^Lc-iPdevice). and a simi,ar security 
document SD(ID, Pdevicei K LS ., Pdevice ; Kgmlc-ls). is sent t0 tne Location Server (message 803). The security documents 

15 may alternatively be public key certificates issued by the GMLC, if the GMLC knows the public key of the Location Server 
and IP device. With the help of the information included in the security documents, the Location Server and IP device 
can establish a bi-directional security association between themselves (arrow 804). If the security associations are 
Internet Security Associations, it is possible that a multiple of unidirectional Internet Security Associations is established. 
[0039] Especially if the IP device itself has positioning capability, for example there is a built-in GPS receiver in the 

20 |p device, it may wish to exchange information about its geographical location directly with a Location Server. In this 
case it is possible that after the mobile station receives a LCS notification, the IP device and the Location Server establish 
security associations between themselves and exchanges location information, as discussed above. This exchange of 
location information may occur, for example, in addition to the location information transmission from the GMLC to the 
Location Server. It is also possible that the mobile station denies the cellular network to transmit information to the 

25 Location Server, but the IP device, after authenticating the Location Server, transmits location information to the Location 
Server. 

[0040] Figure 9 illustrates schematically a network element 900 of a cellular network according to one embodiment 
of the invention, a packet data device 950, which is attachable to a mobile station or an integral part of a mobile station, 
according to the invention and a mobile station 901 according to the invention. The network element 900, packet data 
30 device 950 and mobile station 901 may support any method according to the invention, preferably one of those described 
as preferred embodiments of the invention. 

[0041] A network element 900 of a cellular network has the following means: means (910) for receiving from a packet 
data network a location information request relating to a certain mobile station, and means (920) for initiating a location 
procedure in the cellular network. Furthermore, it has means (930) for establishing security associations pointing to the 

35 network element from a network element of the packet data network, this security association establishment typically 
involving a Key management Center in a public packet data network. Further it has means (931 ) for performing security 
functions as specified by the security associations on data it receives from the packet data network, means (932) which 
are arranged to determine, if there is an existing security association pointing to the network element from a sender of 
a location information request, and means (933) for initiating security association establishment, which are arranged to 

^0 establish a security association if there does not exist a security association, which points towards the network element 
from the sender of a location information request. Typically the means are realized using microprocessors and software. 
The means comprised in the security block are typically realized using Internet protocol, IPSec protocol and, for example, 
ISAKMP and Oakley. 

[0042] The network element 900 may additionally have means (940) for receiving, for example, from an IP device 
45 reachable via the cellular network a request about a security association, which points to the network element from a 
certain network element of the packet data network. The network element may have means (932) for determining whether 
a requested security association exists, and means for transmitting (940) information about the requested security 
association to the device. The network element 900 may also additionally have means (943) for receiving a request to 
produce security documents relating to the device and to the sender of a location information request, and means (944) 
50 for producing a first security document relating to the device and a second security document relating to the sender of 
the location information request. 

[0043] The network element 900 may be a network element of a GSM/GPRS network, preferably a Gateway Mobile 
Location Center, or a network element of a UMTS network. 

[0044] A packet data device 950 is either an integral part of a mobile station or it is a separate device which can be 
55 attached to a mobile station. In the latter case it may be, for example, a laptop computer or a personal organizer. The 
packet data device 950 has means (960) for receiving information about a location information request and about a 
sender of a location information request from the mobile station and means (970) for exchanging with a network element 
connected to a cellular network information about a security association, which points to the network element from the 
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sender of the location information request. 

[0045] The packet data device 950 may additionally have means (980) for establishing a second security association 
(presented as arrow 302 in Figure 3), which points to the device from the sender of the location information request and 
specifies at least data origin authentication. It may further have means for requesting a network element of the cellular 
5 network to produce security documents relating to the device and to the sender of the information request for the 
establishment of the second security association, as discussed in connection with Figure 7. 

[0046] Furthermore, the packet data device 950 may have means (990) for transmitting to the mobile station a per- 
mission to send location information to the sender of the location information request, when there exists a security 
association pointing from the sender of the location information request to the GMLC, for example. Once the device has 
10 ascertained itself that the GMLC has authenticated the Location Server, it may decide to permit the transmission of 
location information. It is also possible that the packet data device 950 has means for locating itself, for example an in- 
built GPS receiver 995. 

[0047] The mobile station 901 has means for receiving from a cellular network a notification about a location information 
request and means for responding to the cellular network with a notification response. It furthermore has means for 
^5 notifying a device, which is attached to the mobile station, about the location information request. 

[0048] The means for responding to the cellular network may expect the device to give a permission, and only thereafter 
send a positive response is sent to the cellular network. In other words, the means for responding to the cellular network 
are initiated by a permission sent by the device. 

20 

Claims 

1. A packet data device (950) being an integral part of a mobile station (901) or being attachable to a mobile station 
(901), characterized in that the packet data device comprises: 

25 

- means (960) for receiving information about a location information request relating to the packet data device 
and about a sender of the location information request (131) from the mobile station; and 

- means (970) for exchanging with a first network element (900) connected to a packet data network and a 
cellular network information about a first packet data protocol security association (507), which points to the 

30 first network element from the sender of the location information request. 

2. A packet data device (950) according to claim 1 , characterized in that it further comprises means (980) for estab- 
lishing a second packet data protocol security association (804), which points to the packet data device (950) from 
the sender of the location information request (131) and specifies at least data origin authentication. 

35 

3. A packet data device according to claim 2, characterized In that it further comprises means (980) for requesting 
the first network element (900) to produce a first security document (803) relating to the packet data device, and a 
second security document (802) relating to the sender of the location information request for the establishment of 
the second packet data protocol security association (804). 

40 

4. A packet data device according to claim 1 , characterized In that it further comprises means (990) for transmitting 
to the mobile station (901 ) a permission to send location information to the sender of the location information request 
(131), which means are arranged to transmit the permission when there is said first packet data protocol security 
association (507). 

45 

5. A packet data device according to claim 1 , characterized in that it further comprises means for locating itself. 

6. A packet data device according to claim 5, characterized in that it comprises a Global Positioning System receiver. 

so 7. A mobile station (901) comprising or being attached to a packet data device (950) as claimed in claims 1 to 6, 
wherein said mobile station (901) comprises, 

means for receiving a notification from a first network element (900) connected to a packet data network and a 
cellular network about a location information request relating to the packet data device; and 
means for responding to the first network element (900) with a notification response, characterized in that it further 
55 comprises means for notifying said packet data device about the location information request. 

8. A mobile station (901) according to claim 7, characterized in that the means for responding to the first network 
element (900) are arranged to be initiated by a permission sent by the packet data device (950). 
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9. A system comprising a packet data device (950) as claimed in claims 1 to 6, the system further comprising a first 
network element (900) connected to a packet data network and a cellular network having 

- means (91 0) for receiving from a sender (1 31 ) in the packet data network a location information request relating 
to the packet data device, 

- means (920) for initiating a location procedure in the cellular network relating to the packet data device, 

- means (930) for establishing a first packet data protocol security association (507) pointing to the first network 
element (900) from said sender of the location information request, 

- means (931 ) for performing security functions as specified by the first packet data protocol security association 
(507) on data it receives from the packet data network, 

- means (932) which are arranged to determine, if there is an existing first packet data protocol security association 
(507), and 

- means (933) for initiating packet data protocol security association establishment, which are arranged to 
establish the first packet data protocol security association (507) if the the first packet data protocol security 
association (507) does not exist 

- means (940) for receiving from the packet data device (950) a request about the first packet data protocol 
security association (507), 

-means (932) for determining whether the requested first packet data protocol security association (507) exists, 
and 

- means (940) for transmitting information about the requested first packet data protocol security association 
(507) to the packet data device (950). 

10. A system according to claim 9, characterized in that the first network element (900) further comprises 

- means (943) for receiving a request to produce a first security document (803) relating to the packet data 
device (950) and a second security document (802,506) relating to the sender of a location information request 
(131), and 

- means (944) for producing said first security document (803) and said second security document (802). 

11. The system according to claim 9, characterized in that the first network element (900) is a network element of a 
GPRS network. 

12. The system according to claim 11, characterized in that the first network element (900) is a Gateway Mobile 
Location Center. 

13. The system according to claim 9, characterized in that the first network element (900) is a network element of a 
UMTS network. 

14. A method (400) for processing location information which is related to a packet data device (950) as claimed in 
claims 1 to 6, the method comprising the step of: 

- a first network element (900), which is connected to a packet data network and the cellular network, receiving 
(401) a location information request (201) relating to the packet data device from a sender of the location 
information request (131) in the packet data network, characterized in that the method further comprises the 
steps of: 

- requesting (404) from a second network element (132) which is connected to the packet data network, a 
second security document (506) relating to the sender of the location information request, 

- initiating the establishment (406) of at least a first packet data protocol security association (507), which 
specifies at least data origin authentication and points from the sender of the location information request 
to the first network element (900) and which establishment involves use of information comprised in the 
second security document (506, 802), 

- exchanging between the packet data device (950) and the first network element (900) information about 
the first packet data protocol security association (507), 

- after successful establishment of said first packet data protocol security association (507), authenticating 
(408) the sender of the location information request, and 

- if the sender of the location information request is authenticated successfully, initiating (410) a location 
procedure relating to the packet data device (950)in the cellular network. 
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15. A method according to claim 14, characterized in that the second security document (506) is a public key certificate 
which comprises an identifier specifying the sender of the location information request (131) and a public key of the 
sender of the location information request and which is cryptographically signed by the second network element (1 32). 

5 16. A method according to claim 14, characterized In that it further comprises the step of: 

- requesting from the second network element (132) a third security document (504) relating to the first network 
element (900). 

10 17. A method according to claim 1 6, characterized in that the security document (506, 802) comprises a first key which 
is encrypted using a second key shared between the first network element (900) and the second network element 
(1 32), and further characterized In that the third security document (504) comprises the first key, which is encrypted 
using a third key shared between the sender of the location information request and the second network element. 

15 18. A method according to claim 1 6, characterized in that it further comprises the step of: 

- initiating the establishment of a third packet data protocol security association (507) pointing from the first 
network element (900) to the sender of the location information request (131) using at least information comprised 
in the third packet data protocol security document (504). 

19. A method according to claim 1 8, characterized in that the first packet data protocol security association (507) is 
a set of Internet Security Associations pointing from the sender of the location information request to the first network 
element (900) and the third security association (507) is a second set of Internet Security Associations pointing from 
the first network element (900) to the sender of the location information request. 

20. A method according to claim 1 8, characterized in that the third packet data protocol security association (507) 
specifies at least data encryption. 

21. A method according to claim 1 4, characterized in that the first packet data protocol security association (507) is 
30 a set of Internet Security Associations pointing from the sender of the location information (131) request to the first 

network element (900). 

22. A method according to claim 14, characterized In that it further comprises the steps of: 

- said second network element (132), producing (404) said second security document (506), 

- establishing (406) the first packet data protocol security association (507) using at least information comprised 
in the second security document (506), and 

- after the establishment of the first data protocol security association (507), authenticating (408) the data origin 
of the sender of the location information request (131). 

23. A method according to claim 22, characterized in that it further comprises the step of: 

- transmitting (707, 71 3) location information relating to the packet data device (950) to the sender of the location 
information request (131). 

45 

24. A method according to claim 23, characterized in that the location information relating to the packet data device 
(950) is transmitted to the sender of the location information request (131) from the first network element (900). 

25. A method according to claim 24, characterized in that it further comprises the steps of: 

50 

- the second network element producing a third security document (504) relating to the first network element, and 

- establishing the third packet data protocol security association (507), which specifies at least data encryption 
and points from the first network element (900) to the sender of the location information request, using at least 
the information specified in the third security document (504). 

55 

26. A method according to ciaim 23, characterized in ihat it further comprises the step of: 

- establishing (708) a second packet data protocol security association (804), which specifies at least data origin 
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authentication and points from the sender of the location information request to the packet data device (950). 

27. A method according to claim 26, characterized In that it further comprises the step of: 

- before transmission of location information, establishing (71 0) afourth packet data protocol security association 
(804), which specifies at least data encryption and which points to the sender of the location information request 
(131) from said packet data device (950). 

28. A method according to claim 23, characterized in that it further comprises the steps of: 

- receiving (702) at a mobile station (901) comprising or being attached to the packet data device (950) a 
notification relating to the location procedure relating to the packet data device (950), and 

- the mobile station informing (703) said packet data device about the notification. 

29. A method according to claim 14, characterized in that the first network element (900) is a network element of a 
GPRS network. 

30. A method according to claim 29, characterized in that the first network element (900) is a Gateway Mobile Location 
Center. 

31. A method according to claim 14, characterized in that the first network element (900) is a network element of a 
UMTS network. 



Patentanspruche 

1 . Paketdatenvorrichtung (950), die ein integraler Teil einer Mobilstation (901 ) ist oder anfugbar an eine Mobilstation 
(901) ist, dadurch gekennzeichnet, dass die Paketdatenvorrichtung umfasst: 

- Mittel (960) zum Empfangen von Informationen uber eine Ortsinformations-Anfrage in Zusammenhang mit 
der Paketdatenvorrichtung und ubereinen Sender der Ortsinformations-Anfrage (131 ) von der Mobilstation; und 

- Mittel (970) zum Austauschen mit einem ersten Netzwerkelement (900), das mit einern Paketdatennetzwerk 
verbunden ist und Mobilfunknetzwerkinformationen uber eine erste Paketdaten-Protokoll-Sicherheits-Verknup- 
fung (507), die von dem Sender der Ortsinformations-Anfrage auf das erste Netzwerkelement zeigt 

2. Paketdatenvorrichtung (950) nach Anspruch 1, dadurch gekennzeichnet, dass sie weiter Mittel (980) zum Auf- 
bauen einer zweiten Paketdaten-Protokoll-Sichemeits-Verknupfung (804) umfasst, die vom Sender der Ortsinfor- 
mations-Anfrage (131) auf die Paketdatenvorrichtung (950) zeigt und mindestens eine Datenursprungs-Authentifi- 
zierung spezifiziert. 

3. Paketdatenvorrichtung nach Anspruch 2, dadurch gekennzeichnet, dass sie weiter Mittel (980) zum Anfragen 
des ersten Netzwerkelements (900) umfasst, urn ein erstes Sicherheitsdokument (803) in Zusammenhang mit der 
Paketdatenvorrichtung und ein zweites Sicherheitsdokument (802) in Zusammenhang mit dem Sender der Ortsin- 
formations-Anfrage zu erzeugen, zum Aufbau der zweiten Paketdaten-Protokoll-Sicherheits-Verknupfung (804). 

4. Paketdatenvorrichtung nach Anspruch 1 , dadurch gekennzeichnet, dass sie weiter Mittel (990) zum Ubertragen 
einer Erlaubnis, die Ortinformation an den Sender der Ortsinformations-Anfrage (1 31 ) zu senden, an die Mobilstation 
(901 ) umfasst, wobei die Mittel eingerichtet sind, die Erlaubnis zu ubertragen, wenn es die erste Paketdaten-Protokoll- 
Sicherheits-Verknupfung (507) gibt. 

5. Paketdatenvorrichtung nach Anspruch 1 , dadurch gekennzeichnet, dass sie weiter Mittel zur Selbstlokalisation 
umfasst. 

6. Paketdatenvorrichtung nach Anspruch 5, dadurch gekennzeichnet, dass sie einen Globai-Positionierungs-Sy- 
stem-Empfanger umfasst. 

7. Mobilstation (901) umfassend oder angefugt an eine Paketdatenvorrichtung (950) nach Anspruch 1 bis 6, wobei 
die Mobilstation (901) umfasst, 
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- Mittel zum Empfangen einer Benachrichtigung von einem ersten Netzwerkelement (900), dass mit einem 
Paketdatennetzwerk und einem Mobilfunknetzwerk verbunden ist, uber eine Ortsinformations-Anfrage in Zu- 
sammenhang mit der Paketdatenvorrichtung; und 

- Mittel zum Antworten an das erste Netzwerkelement (900) mit einer Benachrichtigungsantwort, die dadurch 
gekennzeichnet Ist, dass sie weiter Mittel zum Benachrichtigen der Paketdatenvorrichtung uber die Ortsin- 
formations-Anfrage umfasst. 

8. Mobilstation (901 ) nach Anspruch 7, dadurch gekennzeichnet, dass die Mittel zum Antworten an das erste Netz- 
werkelement (900) eingerichtet sind, urn durch eine Erlaubnis, die durch die Paketdatenvorrichtung (950) gesendet 
wurde, initiiert zu werden. 

9. System umfassend eine Paketdatenvorrichtung (950) nach den AnsprOchen 1 bis 6, wobei das System weiter ein 
erstes Netzwerkelement (900), das mit einem Paketdatennetzwerk verbunden ist und ein Mobilfunknetzwerk um- 
fasst, aufweisend 

- Mittel (91 0) zum Empfangen einer Ortsinformations-Anfrage in Zusammenhang mit der Paketdatenvorrichtung, 
von einem Sender (131) in dem Paketdatennetzwerk, 

- Mittel (920) zum Initiieren eines Ortungs-Ablaufs in dem Mobilfunknetzwerk in Zusammenhang mit der Paket- 
datenvorrichtung, 

- Mittel (930) zum Aufbauen einer ersten Paketdaten-Protokoll-Sicherheits-Verknupfung (507), die von dem 
Sender der Ortsinformations-Anfrage auf das erste Netzwerkelement (900) zeigt, 

- Mittel (931) zum Ausfuhren von Sicherheitsfunktionen, wie spezifiziert durch die erste Paketdaten-Protokoll- 
Sicherheits-Verknupfung (507) auf Daten, die sie von dem Paketdatennetzwerk empfangt, 

-Mittel (932), die eingerichtet sind, festzustellen, ob es eine existierende erste Paketdaten-Protokoll-Sicherheits- 
Verkniipfung (507) gibt, und 

- Mittel (933) zum Initiieren eines Aufbaus einer Paketdaten-Protokoll-Sicherheits-Verknupfung, die eingerichtet 
sind, die erste Paketdaten-Protokoll-Sicherheits-VerknOpfung (507) aufzubauen, wenn die erste Paketdaten- 
Protokoll-Sichertieits-Verknupfung (507) nicht existiert, 

- Mittel (940) zum Empfangen eine Anfrage uber die erste Paketdaten-Protokoll-Sicherheits-Verknupfung (507) 
von der Paketdatenvorrichtung (950), 

- Mittel (932) zum Feststellen, ob die angefragte erste Paketdaten-Protokoll-Sicherheits-Verknupfung (507) 
existiert, und 

- Mittel (940) zum Ubertragen von Informationen uber die angefragte erste Paketdaten-Protokoll-Sicherheits- 
Verknupfung (507) an die Paketdatenvorrichtung (950). 

10. System nach Anspruch 9, dadurch gekennzeichnet, dass das erste Netzwerkelement (900) weiter umfasst 

- Mittel (943) zum Empfangen einer Anfrage, urn ein erstes Sicherheitsdokument (803) in Zusammenhang mit 
der Paketdatenvorrichtung (950) und ein zweites Sicherheitsdokument (802, 506) in Zusammenhang mit dem 
Sender einer Ortsinformations-Anfrage (131) zu erzeugen, und 

- Mittel (944) zum Erzeugen des ersten Sicherheitsdokuments (803) und des zweiten Sicherheitsdokuments 
(802). 

11. System nach Anspruch 9, dadurch gekennzeichnet, dass das erste Netzwerkelement (900) ein Netzwerkelement 
eines GPRS-Netzwerks ist. 

12. System nach Anspruch 1 1 , dadurch gekennzeichnet, dass das erste Netzwerkelement (900) ein Gateway-Mobile- 
Location-Center ist. 

13. System nach Anspruch 9, dadurch gekennzeichnet, dass das erste Netzwerkelement (900) ein Netzwerkelement 
eines UMTS-Netzwerks ist. 

14. Verfahren (400) zum Ausfuhren von Ortsinformationen, die auf eine Paketdatenvorrichtung (950) nach Anspruch 1 
bis 6 bezogen sind, wobei das Verfahren die Schritte umfasst: 

- ein erstes Netzwerkelement (900), das mit einem Paketdatennetzwerk und dem Mobilfunknetzwerk verounden 
ist, das eine Ortsinformations-Anfrage (201 ) in Zusammenhang mit der Paketdatenvorrichtung von einem Sen- 
der der Ortsinformations-Anfrage (131) in dem Paketdatennetzwerk empfangt (401 ), dadurch gekennzeichnet, 
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dass das Verfahren we iter die Schritte umfasst: 

- Anfragen (404) eines zweiten Sicherheitsdokuments (506) in Zusammenhang mit dem Sender der Ortsinfor- 
mations-Anf rage von einem zweiten Netzwerkelement (132), das mit einem Paketdatennetzwerk verbundenist, 

- Initiieren des Aufbaus (406) von mindestens einer Paketdaten-Protokoll-Sicherheits-Verknupfung (507), die 
mindestens Datenursprungs-Authentifizierung spezifiziert und von dem Sender der Ortsinformations-Anfrage 
auf das erste Netzwerkelement (900) zeigt und deren Aufbau ein Verwenden von Informationen einbezieht, die 
in dem zweiten Sicherheitsdokument (506, 802) umfasst sind, 

- Austauschen von Informationen uberdie erste Paketdaten-Protokoll-Sicherheits-Verknupfung (507) zwischen 
der Paketdatenvorrichtung (950) und dem ersten Netzwerkelement (900), 

- Authentifizieren (408) des Senders der Ortsinformations-Anfrage, nach einem erfolgreichen Aufbau der Pa- 
ketdaten-Protokoll-Sicherheits-Verknupfung (507), und 

- Initiierung (410) eines Ortungs-Ablaufs in Zusammenhang mit der Paketdatenvorrichtung (950) in dem Mo- 
bilfunknetzwerk, wenn der Sender der Ortsinformations-Anfrage erfolgreich authentifiziert wird. 

15. Verfahren nach Anspruch 14, dadurch gekennzeichnet, dass das zweite Sicherheitsdokument (506) ein offent- 
liches Schlusselzertifikat ist, das einen Bezeichner, der den Sender der Ortsinformations-Anfrage (131) spezifiziert 
und einen offentlichen Schlussel des Senders der Ortsinformations-Anfrage umfasst und das durch das zweite 
Netzwerkelement (132) kryptografisch signiert ist. 

16. Verfahren nach Anspruch 14, dadurch gekennzeichnet, dass es weiter die Schritte umfasst: 

- Anfragen eines dritten Sicherheitsdokuments (504) in Zusammenhang mit dem ersten Netzwerkelement (900) 
von einem zweiten Netzwerkelement (1 32). 

17. Verfahren nach Anspruch 16, dadurch gekennzeichnet, dass das Sicherheitsdokument (506, 802) einen ersten 
Schlussel umfasst, der durch Verwendung eines zweiten Schlusseis verschlusselt ist, der von dem ersten Netzwer- 
kelement (900) und dem zweiten Netzwerkelement (132) gemeinsam genutzt wird, und weiter dadurch gekenn- 
zeichnet, dass das dritte Sicherheitsdokument (504) einen ersten Schlussel umfasst, der durch Verwendung eines 
dritten Schlusseis verschlusselt ist, der von dem Sender der Ortsinformations-Anfrage und dem zweiten Netzwer- 
kelement gemeinsam genutzt wird. 

18. Verfahren nach Anspruch 16, dadurch gekennzeichnet, dass es weiter die Schritte umfasst 

- Initiieren des Aufbaus einer dritten Paketdaten-Protokoll-Sicherheits-Verknupfung (507), die von dem ersten 
Netzwerkelement (900) auf dem Sender der Ortsinformations-Anfrage (131) zeigt unter Verwendung von min- 
destens Informationen, die in dem dritten Paketdaten-Protokoll-Sicherheits-Dokument (504) umfasst sind. 

19. Verfahren nach Anspruch 18, dadurch gekennzeichnet, dass die erste Paketdaten-Protokoll-Sicherheits-Ver- 
knGpfung (507) ein Satz von Internet-Sicherheitsverknupfungen ist, die von dem Sender der Ortsinformations- 
Anfrage auf das erste Netzwerkelement (900) zeigen und die dritte Sicherheitsverknupfung ein zweiter Satz von 
Internet-Sicherheitsverknupfungen ist, die von dem ersten Netzwerkelement (900) auf den Sender der Ortsinfor- 
mations-Anfrage zeigen. 

20. Verfahren nach Anspruch 18, dadurch gekennzeichnet, dass die dritte Paketdaten-Protokoll-Sicherheits-Ver- 
kniipfung (507) mindestens Datenverschlusselung spezifiziert. 

21. Verfahren nach Anspruch 14, dadurch gekennzeichnet, dass die erste Paketdaten-Protokoll-Sicherheits-Ver- 
knupfung (507) ein Satz von Internet-Sicherheitsverknupfungen ist, die von dem Sender der Ortsinformations 
(131)-Anfrage auf das erste Netzwerkelement (900) zeigen. 

22. Verfahren nach Anspruch 14, dadurch gekennzeichnet, dass es weiter die Schritte umfasst 

- Erzeugen (404) des zweiten Sicherheitsdokuments (506) durch das zweite Netzwerkelement (132), 

- Aufbauen (406) der ersten Paketdaten-Protokoll-Sicherheits-Verkniipfung (507) unter Verwendung von min- 
destens Informationen, die in dem zweiten Sicherheitsdokument (506) umfasst sind, und 

- Authentifizieren (408) des Datenursprungs des Senders der Ortsinformations-Antrage (1 31 ). nach dem Aufbau 
der ersten Paketdaten-Protokoll-Sicherheits-Verknupfung (507). 
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23. Verfahren nach Anspruch 22, dadurch gekennzeichnet, dass es weiter die Schritte umfasst: 

- Ubermittlung (707, 713) von Ortsinformationen im Zusammenhang mit der Paketdatenvorrichtung (950) an 
den Sender der Ortsinformations-Anfrage (131). 

24. Verfahren nach Anspruch 23, dadurch gekennzeichnet, dass die Ortsinformationen in Zusammenhang mit der 
Paketdatenvorrichtung (950) an den Sender der Ortsinformations-Anfrage (131) von dem ersten Netzwerkelement 
(900) ubermrttelt werden. 

25. Verfahren nach Anspruch 24, dadurch gekennzeichnet dass es weiter die Schritte umfasst: 

- Erzeugen eines dritten Sicherheitsdokuments (504) im Zusammenhang mit dem ersten Netzwerkelement 
durch das zweite Netzwerkelement, und 

- Aufbauen der dritten Paketdaten-Protokoll-Sicherheits-VerknQpfung (507), die mindestens Datenverschlus- 
selung spezifiziert und von dem ersten Netzwerkelement (900) auf den Sender der Ortsinformations-Anfrage 
zeigt, unter Verwendung von mindestens Informationen, die in dem dritten Sicherheitsdokument (504) spezifi- 
ziert sind. 

26. Verfahren nach Anspruch 23, dadurch gekennzeichnet, dass es weiter die Schritte umfasst: 

- Aufbauen (708) einerzweiten Paketdaten-Protokoll-Sicherheits-Verknupfung (804), die mindestens Datenur- 
sprungs-Authentifizierung spezifiziert und von dem Sender der Ortsinformations-Anfrage auf die erste Paket- 
datenvorrichtung (950) zeigt. 

27. Verfahren nach Anspruch 26, dadurch gekennzeichnet, dass es weiter die Schritte umfasst: 

- Aufbauen (710) einervierten Paketdaten-Protokoll-Sicherheits-Verknupfung (804), die mindestens Datenver- 
schlusselung spezifiziert und die auf den Sender der Ortsinformations-Anfrage (131) von der ersten Paketda- 
tenvorrichtung (950) zeigt, vor der Ubermittlung der Ortsinformationen. 

28. Verfahren nach Anspruch 23, dadurch gekennzeichnet, dass es weiter die Schritte umfasst: 

- Empfangen (702) eine Benachrichtigung in Zusammenhang mit dem Ortungs-Ablauf in Zusammenhang mit 
der Paketdatenvorrichtung (950) an einer Mobilstation (901), die die Paketdatenvorrichtung (950) umfasst Oder 
daran angefugt ist, und 

- Informieren (703) der Paketdatenvorrichtung uber die Benachrichtigung durch die Mobilstation, 

29. Verfahren nach Anspruch 14, dadurch gekennzeichnet, dass das erste Netzwerkelement (900) ein Netzwerkele- 
ment eines GPRS-Netzwerks ist. 

30. Verfahren nach Anspruch 29, dadurch gekennzeichnet, dass das erste Netzwerkelement (900) ein Gateway- 
Mobile-Location-Center ist. 

31. Verfahren nach Anspruch 14, dadurch gekennzeichnet, dass das erste Netzwerkelement (900) ein Netzwerkele- 
ment eines UMTS-Netzwerks ist. 



Revendications 

1. Dispositif de donnees par paquets (950) faisant partie integrante d'une station mobile (901 ) ou pouvant etre relie a 
une station mobile (901 ), caracterise en ce que le dispositif de donnees par paquets comprend : 

- un moyen (960) permettantde recevoirdes informations relatives a une demanded'informations de localisation 
relative au dispositif de donnees par paquets et relative a un expediteur de la demande d'informations de 
localisation (131), de la part de la station mobile ; et 

- un moyen (970) permettant d'echanger, avec un premier element de reseau (900) relie a un reseau de donnees 
par paquets et un reseau cellulaire, des informations relatives a une premiere association de security de protocole 
de donnees par paquets (507), qui pointe vers le premier element de reseau, provenant de I'expediteur de la 
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demande d'informations de localisation. 

Dispositif de donnees par paquets (950) selon la revendication 1 , caracterise en ce qu'il comprend en outre un 
moyen (980) permettant d'eteblir une seconde association de security de protocole de donnees par paquets (804), 
qui pointe vers le dispositif de donnees par paquets (950), depuis I'expediteur de la demande d'informations de 
localisation (131), et sp6cifie au moins une authentication d'origine des donnees. 

Dispositif de donnees par paquets selon la revendication 2, caracterise en ce qu'il comprend en outre un moyen 
(980) permettant de demander au premier element de reseau (900) de produire un premier document de s6curit6 
(803) relatif au dispositif de donn6es par paquets, et un second document de s6curite (802) relatif a I'expediteur de 
la demande d'informations de localisation, en vue de l'6tablissement de la seconde association de security de 
protocole de donnees par paquets (804). 

Dispositif de donnees par paquets selon la revendication 1 , caracterise en ce qu'il comprend en outre un moyen 
(990) permettant de transmettre a la station mobile (901 ) une permission d'envoyer des informations de localisation 
a I'expediteur de la demande d'informations de localisation (131), ledit moyen etant agence afin de transmettre la 
permission lorsqu'il existe ladite premiere association de securite de protocole de donnees par paquets (507). 

Dispositif de donnees par paquets selon la revendication 1 , caracterise en ce qu'il comprend en outre un moyen 
permettant de se localiser lui-meme. 

Dispositif de donnees par paquets selon la revendication 5, caracterise en ce qu'il comprend un recepteur de 
systeme de positionnement global. 

Station mobile (90 1 ) comprenant ou etant reiiee a un dispositif de donnees par paquets (950) selon les revendications 
1 a 6, dans laquelle ladite station mobile (901) comprend 

un moyen permettant de recevoir une notification de la part d'un premier element de reseau (900) relie a un reseau 
de donnees par paquets et un reseau cellulaire, relative a une demande d'informations de localisation relative au 
dispositif de donnees par paquets ; et 

un moyen permettant de repondre au premier element de reseau (900) avec une reponse de notification, caracte- 
risee en ce qu'elle comprend en outre un moyen permettant de nottfier ledit dispositif de donnees par paquets au 
sujet de la demande d'informations de localisation. 

Station mobile (901 ) selon la revendication 7, caracterlsee en ce que le moyen permettant de repondre au premier 
element de reseau (900) est agenc6 afin d'etre d6clench6 par une permission envoyee par le dispositif de donnees 
par paquets (950). 

Systeme comprenant un dispositif de donnees par paquets (950) selon les revendications 1 a 6, le systeme com- 
prenant en outre un premier element de reseau (900) relie a un reseau de donnees par paquets et un reseau 
cellulaire, possedant 

- un moyen (910) permettant de recevoir, de la part d'un expediteur (131) situe sur le reseau de donnees par 
paquets, une demande d'informations de localisation relatives au dispositif de donnees par paquets, 

- un moyen (920) permettant de declencher une procedure de localisation dans le reseau cellulaire, relative au 
dispositif de donnees par paquets, 

- un moyen (930) permettant d'etablir une premiere association de securite de protocole de donnees par paquets 
(507) pointant vers le premier element de reseau (900), depuis ledit expediteur de la demande d'informations 
de localisation, 

- un moyen (931 ) permettant d'effectuer des fonctions de securite specifiees par la premiere association de 
securite de protocole de donnees par paquets (507) sur les donnees qu'il recoit de la part du reseau de donnees 
par paquets, 

- un moyen (932) qui est agence afin de determiner si il existe ou non une premiere association de securite de 
protocole de donnees par paquets (507), et 

- un moyen (933) permettant de declencher t'etablissement d'une association de securite de protocole de 
donnees par paquets, qui est agence afin d'etablir la premiere association de securite de protocole de donnees 
par paquets (507) si la premiere association de securite de protocole de donnees par paquets (507) n 'existe pas, 

- un moyen (940) permettant de recevoir, de la part du dispositif de donnees par paquets (950), une demande 
relative a la premiere association de securite de protocole de donnees par paquets (507), 
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- un moyen (932) permettant de determiner si la premiere association de securite de protocole de donnees par 
paquets demandee (507) existe ou non, et 

- un moyen (940) permettant de transmettre des informations relatives a la premiere association de securite 
de protocole de donnees par paquets demandee (507) au dispositif de donnees par paquets (950). 

10. Systeme selon la revendication 9, caracterise en ce que le premier element de reseau (900) comprend en outre 

- un moyen (943) permettant de recevoir une demande afin de produire un premier document de securite (803) 
relatif au dispositif de donnees par paquets (950), et un second document de securite (802, 506) relatif a 
i'expediteur d'une demande d'informations de localisation (131), et 

- un moyen (944) permettant de produire ledit premier document de securite (803) et ledit second document 
de securite (802). 

11. Systeme selon la revendication 9, caracterise en ce que le premier element de reseau (900) est un element de 
reseau d'un reseau GPRS. 

12. Systeme selon la revendication 11, caracterise en ce que le premier element de reseau (900) est un centre de 
localisation mobile de passerelle. 

13. Systeme selon la revendication 9, caracterise en ce que le premier element de reseau (900) est un element de 
reseau d'un reseau UMTS. 

14. Precede (400) de traitement d'informations de localisation qui sont relatives a un dispositif de donnees par paquets 
(950) selon les revendications 1 a 6, le procede comprenant I'etape consistent a : 

- un premier element de reseau (900), qui est relie a un reseau de donnees par paquets et au reseau cellulaire, 
recevant (401) une demande d'informations de localisation (201) relatives au dispositif de donnees par paquets, 
de la part d'un expediteur de la demande d'informations de localisation (131) situe sur le reseau de donnees 
par paquets, caracterise en ce que le procede comprend en outre les etapes consistant a : 

- demander (404), depuis un second element de reseau (132) qui est relie au reseau de donn6es par 
paquets, un second document de securite (506) relatif a I'expediteur de la demande d'informations de 
localisation, 

- declencher I'etablissement (406) d'au moins une premiere association de securit6 de protocole de donnees 
par paquets (507), qui specifie au moins une authentication d'origine des donnees et qui pointe, depuis 
I'exp6diteur de la demande d'informations de localisation, vers le premier element de reseau (900), ledit 
etablissement impliquant ('utilisation des informations comprises dans le second document de securite 
(506, 802), 

- echanger, entre le dispositif de donnees par paquets (950) et le premier element de r6seau (900), des 
informations relatives a la premiere association de securite de protocole de donnees par paquets (507), 

- apres avoir etabli ladite premiere association de securite de protocole de donnees par paquets avec 
succes (507), authentifier (408) I'expediteur de la demande d'informations de localisation, et 

- si I'expediteur de la demande d'informations de localisation est authentifie avec succes, declencher (41 0) 
une procedure de localisation relative au dispositif de donnees par paquets (950) sur le reseau cellulaire. 

15. Procede selon la revendication 14, caracterise en ce que le second document de securite (506) est un certificat 
de cle publique qui comprend un identifiant specifiant I'expediteur de la demande d'informations de localisation 
(131) et une cle publique de I'expediteur de la demande d'informations de localisation, et qui est signe de maniere 
cryptographique par le second element de reseau (132). 

16. Procede" selon la revendication 14, caracterise en ce qu'il comprend en outre I'etape consistant a : 

- demander, depuis le second element de reseau (132), un troisieme document de securite (504) relatif au 
premier element de reseau (900). 

17. Proced6 selon la revendication 16, caracterise en ce que le document de securite (506, 802) comprend une 
premiere cle qui est cryptee en utilisant une seconde cle partagee entre le premier element de reseau (900) et le 
second element de reseau (132), et caracterise en outre en ce que le troisieme document de securite" (504) 
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comprend la premiere cle, qui est cryptee en utilisant une troisieme cle partagee entre I'expediteur de la demande 
d'informations de localisation et le second element de reseau. 

18. Procede selon la revendication 1 6, caracterise en ce qu'il comprend en outre I'etape consistant a : 

- declencher I'etablissement d'une troisieme association de securite de protocole de donnees par paquets (507) 
pointant, depuis le premier element de reseau (900), vers I'expediteur de la demande d'informations de locali- 
sation (131), en utilisant au moins les informations comprises dans le troisieme document de securite de pro- 
tocole de donnees par paquets (504). 

19. Procede selon la revendication 18, caracterise en ce que la premiere association de securite de protocole de 
donnees par paquets (507) est un ensemble dissociations de securite Internet pointant, depuis I'expediteur de la 
demande d'informations de localisation, vers le premier element de reseau (900), et la troisieme association de 
securite (507) est un second ensemble dissociations de securite Internet pointant, depuis le premier element de 
reseau (900), vers I'expediteur de la demande d'informations de localisation. 

20. Procede selon la revendication 18, caracterise en ce que la troisieme association de securite de protocole de 
donnees par paquets (507) specifie au moins un cryptage de donnees. 

21. Procede selon la revendication 14, caracterise en ce que la premiere association de securite de protocole de 
donnees par paquets (507) est un ensemble d'associations de securite Internet pointant, depuis I'expediteur de la 
demande d'informations de localisation (131), vers le premier element de reseau (900). 

22. Procede selon la revendication 14, caracterise en ce qu'il comprend en outre les etapes consistant a : 

- ledit second element de reseau (132) produisant (404) ledit second document de securite (506), 

- etablir (406) la premiere association de securite de protocole de donnees par paquets (507) en utilisant au 
moins les informations comprises dans le second document de securite (506), et 

- apres I'etablissement de la premiere association de securite de protocole de donnees par paquets (507), 
authentifier (408) I'origine des donnees de I'expediteur de la demande d'informations de localisation (131). 

23. Procede selon ia revendication 22, caracterise en ce qu'il comprend en outre I'etape consistant a : 

- transmettre (707, 713) des informations de localisation relatives au dispositif de donnees par paquets (950) 
a I'expediteur de ia demande d'informations de localisation (131). 

24. Procede selon la revendication 23, caracterise en ce que les informations de localisation relatives au dispositif de 
donnees par paquets (950) sonttransmises a I'expediteur de la demande d'informations de localisation (131) depuis 
le premier element de reseau (900). 

25. Procede selon la revendication 24, caracterise en ce qu'il comprend en outre les etapes consistant a : 

- le second element de reseau produisant un troisieme document de securite (504) relatif au premier element 
de reseau, et 

- etablir la troisieme association de securite de protocole de donnees par paquets (507), qui specifie au moins 
un cryptage de donnees et pointe, depuis le premier element de reseau (900), vers I'expediteur de la demande 
d'informations de localisation, en utilisant au moins les informations specif iees dans le troisieme document de 
securite (504). 

26. Procede selon la revendication 23, caracterise en ce qu'il comprend en outre I'etape consistant a : 

- etablir (708) une seconde association de securite de protocole de donnees par paquets (804), qui specifie au 
moins une authentication d'origine des donnees et pointe, depuis I'expediteur de la demande d'informations 
de localisation, vers le dispositif de donnees par paquets (950). 

27. Procede selon la revendication 26, caracterise en ce qu'il comprend en outre I'etape consistant a : 

- avant la transmission des informations de localisation, etablir (71 0) une quatrieme association de securite de 
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protocole de donnees parpaquets (804), qui specifie au moins un cryptage de donnees et po'inte vers I'expediteur 
de la demande d'informations de localisation (131), depuis ledit dispositif de donnees par paquets (950). 

28. Precede selon la revendication 23, caracterise en ce qu'il comprend en outre les etapes consistant a : 

- recevoir (702), au niveau d'une station mobile (901) comprenant ou etant reliee au dispositif de donnees par 
paquets (950), une notification relative a la procedure de localisation relative au dispositif de donnees par 
paquets (950), et 

- la station mobile informant (703) ledit dispositif de donnees par paquets au sujet de la notification. 

29. Procede selon la revendication 14, caracterise en ce que le premier element de reseau (900) est un element de 
reseau d'un reseau GPRS. 

30. Procede selon la revendication 29, caracterise en ce que le premier element de reseau (900) est un centre de 
localisation mobile de passerelle. 

31. Procede selon la revendication 14, caracterise en ce que le premier element de reseau (900) est un element de 
reseau d'un reseau UMTS. 
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